IETF Logo Mail Archive

Re: [spfbis] RFC6147 and RFC7208 interoperability issues

Scott Kitterman <spf2@kitterman.com> Mon, 07 February 2022 14:28 UTC

Return-Path: <spf2@kitterman.com>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC9F3A0830 for <spfbis@ietfa.amsl.com>; Mon, 7 Feb 2022 06:28:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.1
X-Spam-Level:
X-Spam-Status: No, score=-7.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b=KObPWrHZ; dkim=pass (2048-bit key) header.d=kitterman.com header.b=mcbpxDKh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id klrf30LaN6Bl for <spfbis@ietfa.amsl.com>; Mon, 7 Feb 2022 06:28:19 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE9193A07FE for <spfbis@ietf.org>; Mon, 7 Feb 2022 06:28:19 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id 3E51BF802ED for <spfbis@ietf.org>; Mon, 7 Feb 2022 09:28:17 -0500 (EST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1644244097; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=cj39BXWO/YubQ6Zmuv4mJEYPUAdvujgcfZpUOi3Y+wg=; b=KObPWrHZZib+osHCCWLgi33QkFO1qkHfxuI6R52HdO9SrWVXyJ/vJoFPr+b/6bdYGTz5/ hKNsaHRixOTxZDeBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1644244097; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type : from; bh=cj39BXWO/YubQ6Zmuv4mJEYPUAdvujgcfZpUOi3Y+wg=; b=mcbpxDKhl6/49K4EaUe6MkJHhsZhS9nYmlY1eSvPfuIWC3YOLgfaA1loC6fWWJEadzwFU 5FFGMq/9slGRNijgRQ01wRM7+Zsc3gRlWaCFay/YNYmgsVE1OFlnA0R34pWd5fJ+E94TbsO clOlIqrTwRZrIHA6RpJEX4M0QEeWhfvXCPVReol9zB8z16a92wesCsiKaACXqS1Sq/+EvUb 1/BvYcDbFuIJjJlZdykv5AZXtNIucdk0Pavw+zAm2HUkIeCxvoR+gWfumxjqJ33fsZz4PPT k4bYM1ASuaIH3fOVco9xzs2Ch9Bl1MNV9MOfcKB7eCiqSDmyVtLXnZUq7Efg==
Received: from localhost.localnet (static-72-81-252-22.bltmmd.fios.verizon.net [72.81.252.22]) by interserver.kitterman.com (Postfix) with ESMTP id 03DBAF801A9 for <spfbis@ietf.org>; Mon, 7 Feb 2022 09:28:16 -0500 (EST)
From: Scott Kitterman <spf2@kitterman.com>
To: spfbis@ietf.org
Date: Mon, 07 Feb 2022 09:28:16 -0500
Message-ID: <2244581.DCeBYFrMaS@localhost>
In-Reply-To: <20220206221619.53E4836687AF@ary.qy>
References: <20220206221619.53E4836687AF@ary.qy>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/UrbxZlymx0LkbTTtq5sj_bE46aU>
Subject: Re: [spfbis] RFC6147 and RFC7208 interoperability issues
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 14:28:25 -0000

On Sunday, February 6, 2022 5:16:18 PM EST John Levine wrote:
> It appears that Scott Kitterman  <spf2@kitterman.com> said:
> >It looks like situations like this one were contemplated by the RFC 6147
> >
> >authors:
> >> 6.  Deployment Notes
> >> 
> >>    While DNS64 is intended to be part of a strategy for aiding IPv6
> >>    deployment in an internetworking environment with some IPv4-only and
> >>    IPv6-only networks, it is important to realize that it is
> >>    incompatible with some things that may be deployed in an IPv4-only or
> >>    dual-stack context.
> >
> >On the SPF side of the discussion, I think it would, at least in theory, be
> >feasible to interpret an ip4: mechanism as <prefix> + <address> if the
> >connection is IPv6, but I don't see how a receiving SPF processor could
> >know what the prefix is.  As I read RFC 6147 Section 5.2, it could be
> >anything.
> See RFCs 7050 and 8880 for how you find the prefix(es).
> 
> That seems like a more reasonable way to go, patch the SPF library so it
> can use the NAT's Pref64 to fudge the interpretation of ip4 and ptr.
> 
> It looks like you could automate the entire thing -- when the library starts
> up, do an AAAA query on ipv4only.arpa, and if you get plausible answers,
> you know you're behind NAT64 and reinterpret ip4 and ptr terms
> appropriately.

Thanks.

Reading RFC 7050, it looks like ipv4only.arpa can return more than one name.  
That would seem to be a complication if I'm reading it correctly.

As a practical matter, it probably doesn't matter, but RFC 7050 doesn't update 
RFC 6147, so in theory other prefix determination methods could be used.

I guess the ::ffff:0:0/96 (IPv4-mapped Address) prefix should be considered 
similarly.

Is there enough here that it would be worth an Applicability Statement?

Scott K

v2.23.0 | Report a Bug | By Email